In this blog, we’ve analyzed data from Netskope customers that include security settings of over 1 million entities in 156,737 Google Cloud (GCP) projects across hundreds of organizations (see Dataset and Methodology for more details on the dataset). We will specifically look at the configuration of service accounts, see what’s commonly occurring in the real world, and analyze how multiple security misconfigurations can lead to escalation of privileges and lateral movement.

Co-authored by Andy Horwitz and Yuri Duchovny Today, Netskope released a new cloud security solution to help AWS customers provide consistent security across all their AWS accounts leveraging AWS Control Tower. Many AWS Customers follow the multi-account framework as a best practice to isolate teams and workloads on the cloud. Often this may introduce overhead in terms of policy configuration and management.

We are going through a period of huge security and networking upheaval. Transformation projects are afoot in the vast majority of organisations and architectural ideologies are shifting towards SASE and Zero Trust. We are all seeing and experiencing this first hand, but anecdotal tales of how organisations are handling these changes are inconsistent. Some are seeing security teams expanding, while others are decentralising the team and distributing security expertise across project taskforces.

Black Friday is a long-awaited day for many people, as it generates a lot of sales in both physical stores and online marketplaces. With the ongoing COVID pandemic, online sales are expected to be even more intense this year, and along with that, we will likely see an increase in cyber scams. Attackers will try to steal your money in many ways: through phishing sites, banking malware, remote access trojans, and more. However, there is one type of malware that people often underestimate: adware.

Several malware families are distributed via Microsoft Office documents infected with malicious VBA code, such as Emotet, IceID, Dridex, and BazarLoader. We have also seen many techniques employed by attackers when it comes to infected documents, such as the usage of PowerShell and WMI to evade signature-based threat detection. In this blog post, we will show three additional techniques attackers use to craft malicious Office documents.

At the beginning of 2021, Emotet was considered to be the world’s most dangerous malware by Europol. The threat was first discovered in 2014 when it was acting as a banking trojan. Over the years, the malware evolved into one of the most relevant botnets in the threat landscape, often used to deliver other threats, such as Trickbot and Ryuk ransomware. Netskope detected Emotet during Oct 2020, using PowerShell and WMI to download and execute its payload.

It is prediction time once again, and we’ve polled some of our esteemed experts here at Netskope to see what’s piquing their interest with 2022 on the horizon. Much like our predictions last year, we’ve broken the list out into some longer shots and some pretty safe bets. Here’s what we think is in store for 2022.

The abuse of Google Drive to deliver malicious content continues, and two recent examples remind us how the flexibility of this cloud storage tool can be easily weaponized by malicious actors. And the spectrum of content that can be distributed, and victims that can be targeted is surprising.

Cloud Access Security Brokers (CASB), also known as Cloud Security Gateways, were created to address the increasing cloud security problems facing organizations as cloud and application usage increased over the last decade.

In this hyperconnected world, where 70% of users continue to work remotely, sharing data in real-time with partners and customers leveraging the flexibility of the cloud is a fundamental aspect for the daily operations of businesses worldwide. In this scenario, the risk of misconfigurations exposing sensitive data continues to be a serious (and frequent) concern.